package com.mall.common.xss;

import com.mall.common.utils.html.EscapeUtil;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

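/**
 * Request wrapper that sanitizes request parameter values against XSS.
 *
 * <p>Values returned by {@link #getParameter(String)} and
 * {@link #getParameterValues(String)} are passed through {@code EscapeUtil.clean}
 * and then trimmed. Every other accessor is inherited unchanged from
 * {@link HttpServletRequestWrapper}: {@code getParameterMap()}, headers, cookies and
 * the request body (for example JSON read via {@code getInputStream()}) are NOT
 * filtered here. This wrapper is one input-hygiene layer; data still needs
 * context-appropriate output encoding at the point where it is rendered.
 *
 * Created by zhonglin on 2020/4/8.
 */
public class XssHttpServletRequestWrapper
    extends HttpServletRequestWrapper {

  /**
   * Wraps the given request so that parameter reads go through the sanitizer.
   *
   * @param request the original request to wrap
   */
  public XssHttpServletRequestWrapper(HttpServletRequest request) {
    super(request);
  }

  /**
   * Returns the sanitized first value of the named parameter.
   *
   * <p>Overridden so that single-value lookups cannot bypass the filtering applied
   * by {@link #getParameterValues(String)}; the servlet API documents the result of
   * this method as equal to the first element of that array.
   *
   * @param name the parameter name
   * @return the cleaned and trimmed value, or {@code null} if the parameter is absent
   */
  @Override
  public String getParameter(String name) {
    return sanitize(super.getParameter(name));
  }

  /**
   * Returns all values of the named parameter, each cleaned and trimmed.
   *
   * @param name the parameter name
   * @return a new array of sanitized values, or {@code null} if the parameter is absent
   */
  @Override
  public String[] getParameterValues(String name) {
    String[] rawValues = super.getParameterValues(name);
    if (rawValues == null) {
      // Absent parameter: keep the servlet contract of returning null.
      return null;
    }
    // Build a fresh array so the container's own array is never mutated.
    String[] cleanedValues = new String[rawValues.length];
    for (int i = 0; i < rawValues.length; i++) {
      cleanedValues[i] = sanitize(rawValues[i]);
    }
    return cleanedValues;
  }

  /**
   * Applies the project's XSS cleaning and strips leading/trailing whitespace.
   *
   * @param value a raw parameter value, possibly {@code null}
   * @return the sanitized value, or {@code null} when {@code value} is {@code null}
   */
  private static String sanitize(String value) {
    // NOTE(review): null is passed through instead of being handed to EscapeUtil.clean,
    // whose null handling is not visible from this file — confirm.
    return value == null ? null : EscapeUtil.clean(value).trim();
  }

}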